← Back to CVEs
CVE-2025-32433
CRITICALCISA KEV10.0
Description
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/16/2025
Last Modified11/4/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorErlang
ProductErlang/OTP
Vulnerability NameErlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
KEV Date Added2025-06-09
Remediation Due Date2025-06-30
Ransomware UseUnknown
Affected Products
cisco:cloud_native_broadband_network_gatewaycisco:confd_basiccisco:enterprise_nfv_infrastructure_softwarecisco:inode_managercisco:ncs_1001cisco:ncs_1002cisco:ncs_1004cisco:ncs_2000_shelf_virtualization_orchestrator_firmwarecisco:ncs_2000_shelf_virtualization_orchestrator_modulecisco:network_services_orchestratorcisco:optical_site_managercisco:rv160cisco:rv160_firmwarecisco:rv160wcisco:rv160w_firmwarecisco:rv260cisco:rv260_firmwarecisco:rv260pcisco:rv260p_firmwarecisco:rv260wcisco:rv260w_firmwarecisco:rv340cisco:rv340_firmwarecisco:rv340wcisco:rv340w_firmwarecisco:rv345cisco:rv345_firmwarecisco:rv345pcisco:rv345p_firmwarecisco:smart_phycisco:staroscisco:ultra_cloud_corecisco:ultra_packet_corecisco:ultra_services_platformdebian:debian_linuxerlang:erlang\/otp
Weaknesses (CWE)
CWE-306
References
https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12(security-advisories@github.com)
https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f(security-advisories@github.com)
https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891(security-advisories@github.com)
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2(security-advisories@github.com)
http://www.openwall.com/lists/oss-security/2025/04/16/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/18/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/18/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/18/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/19/1(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250425-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.